HP Open Source Middleware Stacks Blueprint: Web Server on HP ProLiant Servers with SUSE Linux Enterprise Server Version 10

Appendix B: Frequently Asked Questions

Q: How do I disable firewall settings?

A: By default, SLES has a firewall enabled. This prevents external systems from accessing ports below 1024. Enter the following to disable the firewall:

# /sbin/SuSEfirewall2 stop

CAUTION: Disabling the firewall is not advisable. If any external applications need to communicate with the system, open only those specific ports for outside access rather than fully disabling the firewall.

Q: How do I open specific ports without disabling the firewall?

A: SLES by default prevents external systems from connecting to any of the reserved port numbers (0 to 1023). To open a specific port, use one of the following three methods:

Configure with YaST:

To open a specified port using the YaST GUI, perform the following steps:

  1. From the YaST Control Center, access the YaST GUI.

  2. Select Security and Users > Firewall.

From the YaST GUI, you can perform some of the following tasks:

  • Configure firewall boot scripts

  • Stop the firewall, if it's running

  • Save settings to the script /etc/sysconfig/SuSEfirewall2

  • Start the firewall with new settings

Configure manually:

To manually open a specified port, perform the following steps:

  1. Use the YaST module System Services (runlevel) to enable SuSEfirewall2 in your runlevel (the setting will most likely be 3 or 5). This sets the symlinks for the SuSEfirewall2_* scripts to the /etc/init.d/rc?.d/ directories.

  2. Modify the /etc/sysconfig/SuSEfirewall2 file. A number of example scenarios can be found in /usr/share/doc/packages/SuSEfirewall2/EXAMPLES.

    For the easiest configuration, you only need to add the TCP ports to FW_SERVICES_EXT_TCP.

    For example, the following configuration enables HTTP, SSH and Tomcat services when the firewall is up:

    FW_SERVICES_EXT_TCP="80 443 22 8080 8443 8009"

  3. Test and start the firewall using one of the following SuSEfirewall2_* scripts:

    /sbin/SuSEfirewall2 test

    /sbin/SuSEfirewall2 start
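
An added example, not part of the HP document: a shell check that reads FW_SERVICES_EXT_TCP from a SuSEfirewall2 sysconfig file and lists every entry that is outside an approved set, so that only the intended ports are open. The function names, the allowlist and the sample file are constructed for illustration, and the check assumes the value is double-quoted as in step 2.

```shell
#!/bin/sh
# Added example: audit FW_SERVICES_EXT_TCP against an allowlist.
# Function names and sample data are hypothetical, not part of SuSEfirewall2.

# Print the effective FW_SERVICES_EXT_TCP value from a sysconfig file.
# The file is shell syntax, so the last uncommented assignment wins.
# Assumes the value is double-quoted.
ext_tcp_ports() {
    sed -n 's/^[[:space:]]*FW_SERVICES_EXT_TCP="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Print each externally open TCP entry that is not in the allowlist ($2),
# one per line. Entries are compared as written (numbers, names or ranges).
unexpected_ports() {
    for entry in $(ext_tcp_ports "$1"); do
        case " $2 " in
            *" $entry "*) ;;                    # approved, nothing to report
            *) printf '%s\n' "$entry" ;;        # open but not approved
        esac
    done
}

# Constructed sample in the format of /etc/sysconfig/SuSEfirewall2.
make_sample_config() {
    cat <<'EOF'
# constructed sample, not a real host's configuration
FW_DEV_EXT="eth0"
#FW_SERVICES_EXT_TCP="23"
FW_SERVICES_EXT_TCP="80 443 22 8080 8443 8009"
FW_SERVICES_EXT_UDP=""
EOF
}

# Demo: the constructed policy approves only HTTP, HTTPS and SSH.
cfg=$(mktemp)
make_sample_config > "$cfg"
echo "open externally: $(ext_tcp_ports "$cfg")"
echo "not in allowlist:"
unexpected_ports "$cfg" "80 443 22"
rm -f "$cfg"
```

To check a real host, pass /etc/sysconfig/SuSEfirewall2 as the first argument to unexpected_ports and the approved ports as the second.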

Configure using the iptables command:

To open a specified port using the iptables command, enter the following:

# iptables -I INPUT -s 0/0 -d 0/0 -p tcp \
    --dport <port number> --syn -j ACCEPT

# iptables-save

# /sbin/SuSEfirewall2 restart

For example:

# iptables -I INPUT -s 0/0 -d 0/0 -p tcp \
    --dport 80 --syn -j ACCEPT

# iptables-save

# /sbin/SuSEfirewall2 restart

© 2007 Hewlett-Packard Development Company, L.P.